Tagged Questions

Padding has two primary uses in cryptography: ensuring messages are the proper length for certain ciphers (e.g., block ciphers), or providing assurances not built into the core cipher (e.g., semantic security).

The biggest problem with using MtE with a mode where it's known to be secure (CBC) is with the padding, where you can't retrieve the authentication until you know where it is by looking at the padding ...

I was wondering how decryption would work for FPE in the case of cycled Feistel ciphers. I understand that simply reiterating through the networks with reversed key order will generate the ciphertext ...

Is CBC with Ciphertext Stealing (CTS) considerably weaker than CBC with padding such as PKCS7?
I would imagine the most common situation where CTS is necessary would be due to some size constraint of ...

I'm playing around with an application for secure email-like communication and I want to perform length hiding padding on the plaintext messages so they always have a consistent size before encrypting ...

As said in the heading, I want to know how the security of different padding methods, e.g. ANSI X.923, ISO 10126 and PKCS7, is compared to other methods to reach the needed block size, like ciphertext ...

I'm quite new to the topic and read a bit about POODLE and padding oracle.
I quite understand the "regular" padding oracle attack, substituting the last byte of block(n-1) to determine the last byte ...

Can somebody please explain to me how sLHAE works in TLS? I met this term in some TLS papers and struggled to understand how it works, specifically the "length-hiding" part. As to my understanding ...

I read something about the padding oracle attack when analysing the use of an AES-encryption of data in a database and was "scared" it could be a serious issue.
But after investigating a bit further, ...

I have a bit of a problem with padding. Everything goes fine when I encrypt the text BUT when I decrypt I see some extra characters. Sometimes one character, sometimes more, and I don't know how to remove ...

I'm trying to understand the SSL Poodle Attack and I'm wondering why the last block of a CBC Record can be full of padding? Wouldn't that mean that the useful data was already a multiple of the key ...

I've read everywhere online and people say plain text RSA is very unsafe. To make it safe you pad it but no examples are shown anywhere on how to do it. It's explained that random data is added to the ...

I've got an API spec that specifies NRPAD and FPAD as possible padding schemes. I see these being used together with the Korean SEED algorithm. The SEED specification however is void of any padding ...

Whenever a ciphertext is decrypted using a block-cypher, we need to remove the padding. There are different ways to add padding, but they usually set the last byte of the last block to the number of ...

Padding oracle attacks are a huge nuisance when using CBC mode encryption without authentication. Wouldn't all those padding oracle attacks be avoided if we'd just use bit padding instead? Or is does ...

I understand the need for padding in MD5. But why do we append the message length to the padding?
I heard it strengthens the hash but how?
Please provide an example if possible and how it applies to ...

Apparently current best practices recommend that you do not compress before you encrypt.
For example in this blog entry (*):
http://sockpuppet.org/blog/2013/07/22/applied-practical-cryptography/
It ...

I am very new to cryptography so I don’t know much about it. I have been given a very large $N$ value and $E$ value to decrypt a ciphertext which was created using an AES 128 key and an IV by using RSA ...

From this excellent answer I learned (correct me if I am wrong) that when writing a block cipher with say key size 128 bit, one has to pad the password given (variable size) so that it becomes exactly ...

I've read several texts which say that if the entire plaintext is a multiple of the block-size padding is not required (and not using padding would not mean a loss of security).
I generally disagree ...

As everybody knows in order to calculate HMAC we have to concatenate padding to the message. I am just curious why the padding needs to be fixed-length. Why do we need the blocksize parameter here?
...

Assume that I have a plaintext $m$ and it is padded with $randompad||00||m$ and then it is encrypted with RSA and a public encryption key so we get the encrypted $Sm$.
Then to assure its integrity ...